Medium severity5.3NVD Advisory· Published May 14, 2024· Updated Apr 8, 2026
CVE-2023-6327
CVE-2023-6327
Description
The ShopLentor (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchased_new_products function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all products purchased in the past week, along with the users that purchased them.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <=2.8.7
Patches
Vulnerability mechanics
References
3- plugins.trac.wordpress.org/changeset/3080097/woolentor-addons/trunk/includes/modules/sales-notification/class.sale_notification.phpnvdPatch
- www.wordfence.com/threat-intel/vulnerabilities/id/263324cb-31b7-40ad-ad7d-4582e128cd75nvdThird Party Advisory
- plugins.trac.wordpress.org/browser/woolentor-addons/tags/2.7.4/includes/modules/sales-notification/class.sale_notification.phpnvdProduct
News mentions
0No linked articles in our index yet.